[Samba] NT_STATUS_INTERNAL_ERROR
Ing. Luis Felipe DomÃnguez Vega
luis.dominguez at mtz.desoft.cu
Thu Aug 10 19:43:10 UTC 2017
Hello, a short history, I am using samba 4 with Debian 9 from the repository, 2 days ago the server was broken, but I was copy all the /var/lib/samba directory to a safe place, then I was installed a new server with the same Debian and samba from repository, and stopped smbd, nmbd and winbind, unmask samba-ad-dc and finally copied all the directory from the old server to the new server and started the samba, all works fine, the bind is integrated with samba_dlz, etc. But now when i go to join a Windows 7 PC to the domain show an error with "Internal Error". Inside the AD server i put this command
kinit administrator
smbclient -k -L dc.mtz.desoft.cu -m smb2 -d5
and the output is
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
Processing section "[global]"
doing parameter netbios name = DC
doing parameter realm = MTZ.DESOFT.CU
doing parameter server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
doing parameter workgroup = MTZ
doing parameter server role = active directory domain controller
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter client ldap sasl wrapping = sign
doing parameter ldap server require strong auth = No
doing parameter full_audit:prefix = %u|%I|%S
doing parameter full_audit:failure = connect
doing parameter full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
doing parameter full_audit:facility = local5
doing parameter full_audit:priority = notice
doing parameter tls enabled = yes
doing parameter tls certfile = /var/lib/samba/private/tls/dc-cert.pem
doing parameter tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem
doing parameter tls cafile = /var/lib/samba/private/tls/cacert.pem
doing parameter tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl
doing parameter tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem
doing parameter ntlm auth = yes
doing parameter winbind max clients = 10000
doing parameter min protocol = SMB2
pm_process() returned Yes
added interface eth1 ip=fd2d:bba0:d4f9:4fb9:98fe:2ff:fe6b:adcb bcast= netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=10.11.0.1 bcast=10.11.0.255 netmask=255.255.255.0
added interface eth0 ip=192.168.0.1 bcast=192.168.0.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="DC"
Client started (version 4.5.8-Debian).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for realm 'MTZ.DESOFT.CU'
name dc.mtz.desoft.cu#20 found.
Connecting to 192.168.0.1 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 2626560
SO_RCVBUF = 1061808
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server principal=cifs/dc.mtz.desoft.cu at MTZ.DESOFT.CU
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: An internal error occurred.
session setup failed: NT_STATUS_INTERNAL_ERROR
---------------------------------------------------------------------
smb.conf
----------------------------------------------------------------------
# Global parameters
[global]
netbios name = DC
realm = MTZ.DESOFT.CU
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = MTZ
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
client ldap sasl wrapping = sign
ldap server require strong auth = No
# map to guest = bad user
# Audit settings
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = connect disconnect opendir mkdir rmdir closedir open close read pread write pwrite sendfile rename unlink chmod fchmod chown fchown chdir ftruncate lock symlink readlink link mknod realpath
full_audit:facility = local5
full_audit:priority = notice
tls enabled = yes
tls certfile = /var/lib/samba/private/tls/dc-cert.pem
tls keyfile = /var/lib/samba/private/tls/secure/dc-privkey.pem
tls cafile = /var/lib/samba/private/tls/cacert.pem
tls crlfile = /var/lib/samba/private/tls/mtz.desoft.cu.crl
tls dhparams file = /var/lib/samba/private/tls/dc-dhparams.pem
ntlm auth = yes
# lanman auth = yes
# lanman auth = yes
winbind max clients = 10000
min protocol = SMB2
[netlogon]
path = /var/lib/samba/sysvol/mtz.desoft.cu/scripts
read only = No
vfs objects = full_audit
[sysvol]
path = /var/lib/samba/sysvol
read only = No
vfs objects = full_audit
--
Luis Felipe Dominguez Vega
System Administration in Desoft Matanzas | Mob: [ tel:+5353694785 | +5353694785 ] | [ http://www.desoft.cu/ | www.desoft.cu ]
[ https://www.facebook.com/lfdominguez0104 | ] [ https://www.linkedin.com/in/luis-felipe-dom%C3%ADnguez-vega-47725794/ | ] [ https://twitter.com/LuisFelipeDV1 | ]
More information about the samba
mailing list